Taipei employees’ financial data leaked

VULNERABILITY:Some city government employees whose computers had malware could have downloaded Yahoo Taiwan software, resulting in the leak, an official said

By Sean Lin / Staff reporter

The results of a search for the Taipei City Government employee salary list are pictured in this photograph taken on Tuesday.

Photo: Liu Ching-hou, Taipei Times

An information security breach led to financial data concerning at least 2,000 Taipei City Government employees being leaked on Tuesday night, with city officials ascribing the incident to outdated and vulnerable data management software.

The information, which was leaked to Yahoo Taiwan’s search engine, included the names, pay grades, salaries and bank accounts of employees at the Department of Transportation, the Construction Management Office, the Department of Civil Servant Development and the Hydraulic Engineering Office.

“The [data management] program has not been updated for 15 years. Its capacity to uphold information security is inferior,” Taipei Mayor Ko Wen-je (柯文哲) said in response to media requests for comment on the issue at an event to promote the sale of merchandise to mark the Lunar New Year holiday.

Ko said that he had instructed the Taipei Department of Information Technology, which operates the program, to determine the severity of the leak and to come up with a plan to update the software.

The leak should not be treated as an isolated incident and he will instruct the department to update all software used by the city government regularly, Ko said.

The city’s old software is expected to be overhauled this year, as the Taipei City Council on Tuesday approved a city government’s request for more funds to update its system, he added.

Separately yesterday, Taipei Department of Information Technology Commissioner Lee Wei-bin (李維斌) said that the breach was secured 10 minutes after the department was informed about it by the Taipei Police Department.

The department of information yesterday morning met with Executive Yuan officials and raised the severity of the breach from level one to level three, Lee said.

He urged employees whose bank accounts have been leaked to change their passwords.

Some city government employees whose computers were contaminated by malware could have downloaded software developed by Yahoo Taiwan, resulting in the information leak, he said.

The department of information has been granted a budget of NT$23 million (US$720,213) by the Taipei City Council to investigate the leak, he said.

According to the Chinese-language Apple Daily, Control Yuan member Kao Feng-hsien (高鳳仙) has also opened an investigation into the incident.

In related news, Ko yesterday said that the Taipei Clean Government Committee would likely remain in operation even though the city council on Monday withdrew its budget.

The Control Yuan in August last year issued a corrective measure against the municipal government over its handling of the Taipei Dome project, saying that the committee’s operations lacked a legal basis.

Ko yesterday said that he did not “invent” the committee, as it has been operating under the title of Taipei Clean Government and Anti-Corruption Center since former Taipei mayor Hau Lung-bin’s (郝龍斌) tenure.

The committee’s work has helped the city reclaim NT$3.35 billion in land that Radium Life Tech Co undervalued in the MeHas City housing project, renegotiate a more profitable and reasonable contract with Eslite Group over its use of the Taipei New Horizon building and reported former Taipei Department of Finance head Lee Sush-der (李述德) to the Taipei District Prosecutors’ Office over Lee’s alleged malpractice in the Dome project, the mayor said.